Educause Security Discussion mailing list archives

Re: Endpoint Protection - App Whitelisting?


From: BRIAN R GRILLI <brg3 () PSU EDU>
Date: Mon, 13 Nov 2017 13:57:26 -0500

I have been in the auditing phase the last few weeks with deploying AppLocker to my staff machines. Since I was able to 
generate my whitelist off our standard staff computer image (and our staff do not have admin rights to install any 
software), setting up the rules and exceptions was pretty easy. During the audit I haven't run into too many issues of 
legitimate things getting blocked, but I'm sure we will see more as time goes on. If it becomes too much to manage, we 
may end up abandoning it. This is a deployment on <100 machines, so I'd imagine going campus-wide you would definitely 
need quite a few support staff trained to manage this. 

Prior to this, we survived mainly on user education, and of course good backups :) 

From: "Chad Tracy" <chad.tracy () COLBY EDU> 
To: SECURITY () LISTSERV EDUCAUSE EDU 
Sent: Monday, November 13, 2017 1:18:34 PM 
Subject: [SECURITY] Endpoint Protection - App Whitelisting? 

Good afternoon, 

We currently use Carbon Black's CB Protection (application whitelisting) on some of our end user computers (we have 
licensing for 300 endpoints... however we only ever got it working on around 70 Windows machines...). It has not been 
working out well and we are looking to move in a different direction. 

I recently learned, from a call with Gartner, that "typically" application whitelisting is utilized on servers and 
systems that are fairly locked down (think of machines used by the insurance and medical industry, kiosks...) 

Knowing this, we are looking to see what you all are doing to lock down your systems to assist in ransomware and 
zero-day incidents: 

Have any of you had luck in deploying application whitelisting on your end users' machines... or is this a lost cause 
that takes too much money and FTEs to support? 

Do you have Endpoint protection deployed on your campus? 

If so, who with? 

Kind Regards, 

Chad Tracy 
Director of Information Security 
Colby College 
Waterville, ME 04901 
207 . 859 . 4199 
chad.tracy () colby edu 

